From 064e270ce4513c8d4c3bbc91fa2dfa6fd7ad574a Mon Sep 17 00:00:00 2001 From: uumas Date: Thu, 12 May 2022 00:49:40 +0300 Subject: [PATCH] more modular reverse proxy config --- roles/reverse_proxy/defaults/main.yml | 2 ++ roles/reverse_proxy/tasks/caddy.yml | 8 +++++++- roles/reverse_proxy/tasks/main.yml | 15 +++++++++++++++ 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/roles/reverse_proxy/defaults/main.yml b/roles/reverse_proxy/defaults/main.yml index 4352d25..03cf213 100644 --- a/roles/reverse_proxy/defaults/main.yml +++ b/roles/reverse_proxy/defaults/main.yml @@ -1,3 +1,5 @@ --- reverse_proxy_type: caddy +proxy_target_protocol: http +proxy_target_host: localhost diff --git a/roles/reverse_proxy/tasks/caddy.yml b/roles/reverse_proxy/tasks/caddy.yml index 79f0a9f..9b6df71 100644 --- a/roles/reverse_proxy/tasks/caddy.yml +++ b/roles/reverse_proxy/tasks/caddy.yml @@ -6,7 +6,13 @@ marker: "# {mark} ANSIBLE MANAGED BLOCK {{ vhost_id }}" block: | {{ vhost_domains | join(' ') }} { - reverse_proxy {{ proxy_target }} + reverse_proxy {{ proxy_target_protocol }}://{{ proxy_target_host }}:{{ proxy_target_port }} { + {% if proxy_target_protocol == 'https' and proxy_target_host == 'localhost' %} + transport http { + tls_insecure_skip_verify + } + {% endif %} + } } validate: 'caddy validate --config %s --adapter caddyfile' backup: true diff --git a/roles/reverse_proxy/tasks/main.yml b/roles/reverse_proxy/tasks/main.yml index 8b6d114..a45c6d8 100644 --- a/roles/reverse_proxy/tasks/main.yml +++ b/roles/reverse_proxy/tasks/main.yml 
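Review bot: In roles/reverse_proxy/defaults/main.yml the two new defaults carry no comment, and nothing here says that choosing `https` together with the default host `localhost` makes tasks/caddy.yml turn off upstream certificate verification. A line such as `# 'https' with host 'localhost' disables upstream certificate verification (see tasks/caddy.yml)` above `proxy_target_protocol` would make that visible where the values are chosen. The new names also drop the `reverse_proxy_` prefix that `reverse_proxy_type` uses, which makes a clash with another role's variables more likely, and `proxy_target_port` gets no default although the Caddy template requires it.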
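Review bot: In roles/reverse_proxy/tasks/caddy.yml the `{% if %}` branch emits `tls_insecure_skip_verify` whenever the protocol is `https` and the host is exactly the string `localhost`, with no opt-in and no comment, so the proxy accepts any certificate from whatever process is listening on that local port. I would gate this on an explicit variable that defaults to off (a name like `proxy_target_tls_skip_verify` is only a suggestion) or, better, keep verification on and point the transport at the backend's certificate with Caddy's `tls_trusted_ca_certs` and `tls_server_name`. If the shortcut stays, a Jinja comment such as `{# loopback upstream with a self-signed cert: verification skipped on purpose #}` inside the branch would record the decision. The three variables are also interpolated into the Caddyfile verbatim and `caddy validate` only checks syntax, so a value containing whitespace or braces would change the generated directives; a preceding `assert` on the host and port format would catch that. The blockinfile task starts above this hunk, so its path and remaining options are not visible here.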
@@ -1,5 +1,20 @@ --- +- block: + - name: Split legacy proxy_target to protocol, host and port + set_fact: + proxy_target_split_protocol: "{{ proxy_target.split('://') }}" + proxy_target_split_host: "{{ (proxy_target_split_protocol | last).split(':') }}" + proxy_target_host: "{{ proxy_target_split_host[0] }}" + proxy_target_port: "{{ proxy_target_split_host[1] }}" + + - name: Set proxy_target_protocol based on proxy_target + set_fact: + proxy_target_protocol: "{{ proxy_target_split_protocol[0] }}" + when: proxy_target_split_protocol | length == 2 + + when: proxy_target is defined and proxy_target_port is not defined + - name: Setup {{ vhost_id }} reverse proxy include_tasks: "{{ reverse_proxy_type }}.yml" when: reverse_proxy_type != 'none'
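Review bot: The values written by `set_fact` stay on the host after this role finishes, so the block guard `proxy_target_port is not defined` can only be true the first time the role runs against a host. If the role is applied once per `vhost_id`, as the marker in caddy.yml suggests, a later vhost that passes only the legacy `proxy_target` would skip the split and be proxied to the previous vhost's host and port, and the `localhost`/`http` defaults would be shadowed the same way. Storing the parsed parts under separate internal names, or passing them through `vars:` on the `include_tasks`, would keep one vhost's upstream from leaking into the next. In the first task `proxy_target_split_host` also reads `proxy_target_split_protocol` from the same `set_fact` that creates it; as far as I know the arguments are templated before any of those facts exist, so the dependent keys belong in a second task. `proxy_target_split_host[1]` further assumes a port is always given and that the host contains no colon, which an IPv6 literal would break.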